Language

Search

4.11 The Content Integrity Set of rules

The CIS (Content Integrity Set of rules) is responsible for ﬁghting against a DoS (Denialof Service) attacks by stream spoiling (also known as pollution attacks). This actioncould be carried out by possible custom implementations of peers that might topoison∗∗A poisoned chunk is a chunk that seems to be OK, but which the sender has changed in such away that when played, introduces no information (for example, a chunk ﬁlled with zeroes) or evenwrong information.(by altering willfully) the content of the stream. This set of rules could be also useful inthose situations where the transmission links are error-prone and the error detectionmechanism of the underlaying transport protocol has been disabled.

In the CIS is proposed use a hash of the content of Chunks to discover a attackerpeer. The rules are:

One or more peers of the team are selected as trusted peers so that only thesplitter knows of its existence through of endpoint of each them. It’s possiblethat all peers in the team are trusted-peers except the attacker.

The trusted peers create a hash (ﬁngerprint) for a number of received chunks(included the chunk number) plus an other hash of the endpoint fromwhere each chunk has been received. Depending on the computational poweravailable in the trusted peer host, all or a subset (can be random) of chunksare processed.

The hashes (both chunks and endpoints) are sent to the splitter, which checksif the received chunks have been altered (calculate the hash is necessary).

The splitter knows what chunk has been sent to each peer. Therefore if thesplitter receives a hash that does not match the one he has calculated candeduce that one of the chunks was altered and depending on the number ofcorresponding chunk is able to determine to which peer was sent the alteredchunk (note that all chunks follow the following process: the chunk ﬁrst travelsfrom the splitter to a peer which sends it to all other peers of the team).

When the number of altered/peer exceeds a treshold, the peer is rejected ofthe team. This is achieved not sending more chunks to the attacker(s) peer(s).Moreover the splitter sends a reject message that contain the endpoint of theattacker to all peers of the team, this ensures that the attacker is removedfrom the peers list of all peers of the team as soon as possible.

4.11.1 A model of the impact of an attack

This mathematical model estimates the averages of poisoned chunksXinto a team depending of number of trusted peersT, the numer of attackerspeers Aconcurrentlyin a team and the Pnumber of total peers (attackers or not) in the team. In addition, the modelestimates the number of poisoned chunks that arrives to any peer, always in averagevalues.

As noted in the begin of this section, the identity of the trusted peers is unknow forall except for the splitter. Moreover, the behavior of the attackers will be poison themaximun number of chunks. Note, however, that any intermediate selective situationwith the chunks poisoned can be consider similar to this one (are poisoned all possiblechunks) where the attackers number is lower.

Suppose initially that T=1(only exist one trusted peer in the team). In the more favorablesituation (and unlikely) for an attacker, this could reach up toP−1chunks if in the retransmission cycle the last chunk is sent to the only one trusted peer.Moreover, It may also happen that the ﬁrst poisoned chunk sent by an attacker arrivesto an only one trusted peer. In this case, only one chunk is poisoned. As theposition of the peers is random, the average number of poisoned chunks whenA=1andT=1is

X=P−1+12=P2

(10)

Suppose that exist more of one trusted peer(T>1andA=1). As nowthe probability of deliver a poisoned chunk to a trusted peer increment proportionality withT, the average number ofpoisoned chunks would be Ttimes lower, i.e., the average number of poisoned chunks would be

X=P2T

(11)

Finally, if there is more of one attacker(T>1andA>1), that amount wouldbe multiplied by A(suppose that the Aattackers poisons the chunks in parallel), getting

X=AP2T

(12)

From this expression can be derived two hypotheses. The ﬁrst one,that the impact of an attack depends of the ratio between number ofattackers and trusted peers ( expected behavior ). And second, that whenAandTare of the same order the average poisoned chunks tend to beP∕2In the case of exist alsonormal peers, clearly Xwill increase. For example, if there is a friendly peer too,Xwillincrease in a poisoned chunk per each concurrently attacker in the team. Therefore, it’sdetermined that

X=AP2T+(P−A−T)

(13)

As seen, the latter term does not signiﬁcantly aﬀect the average number of poisonedchunks, unless the team is very large, in which case, the attack is diluted because never thenumber of received chunks for each peer in the same retransmission cycle can be biggerthan A.